Unpredictable TCP Sequence Numbers in SP4 (192292)
The information in this article applies to:
- Microsoft Windows NT Server 4.0 Terminal Server Edition
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Server, Enterprise Edition 4.0
- Microsoft BackOffice Small Business Server 4.0
- Microsoft BackOffice Small Business Server 4.0a
This article was previously published under Q192292 SYMPTOMS
The TCP protocol assigns an initial sequence number to each connection.
Prior to Service Pack 4, it is possible, through careful analysis, to
determine the initial TCP sequence number for a specific Windows NT
communications session. By predicting a TCP session's sequence number, it
could be possible to disrupt the integrity of a communication session that
does not provide its own session integrity. This is often referred to as
"connection hijacking."
In Service Pack 4, the method of assigning sequence numbers to TCP session
has changed to make them more unpredictable.
RESOLUTION
To resolve this problem, obtain the latest service pack for Windows NT
version 4.0. For more information, please see the following article in the
Microsoft Knowledge Base.
152734
How to Obtain the Latest Windows NT 4.0 Service Pack
STATUS
Microsoft has confirmed this to be a problem in Windows NT version 4.0.
This problem was first corrected in Windows NT 4.0 Service Pack 4.
| Modification Type: | Minor | Last Reviewed: | 9/23/2005 |
|---|
| Keywords: | kbHotfixServer kbQFE kbbug kbFEA kbfix KB192292 |
|---|
|